Computer networks are complex systems and they
contain errors and inconsistencies
and some of these will have serious security implications.
Every programme
that is designed will have security bugs due to the customer
demands and the vendor pressures. Buyers demand that computers
and programmes are easy to use and security is never a priority.
Vendors sell systems with everything switched on by default
in case
it is needed at some point and users never turn off things
they do not use or need.
All those issues create vulnerabilities that CSIRTs try to
help tackle.

There is commercial pressure to ship code as soon as its
completed and functional testing is often incomplete or security
testing is rarely done.Vulnerabilities are inevitable, having
bug-free code is almost impossible due to the demands. This
is where fixes come,
as soon as a vulnerability is discovered, an exploit is published
and a fix is released demanding implementation. CSIRTs encourage
self protection on getting the users
to install the patches
as soon as they are available.